• Title/Summary/Keyword: End­to­End security

Search Result 739, Processing Time 0.023 seconds

An End-to-end IPSec Security Mechanism considering NAT-PT (NAT-PT를 고려한 단대단 IPSec 보안 메커니즘)

  • 현정식;황윤철;정윤수;이상호
    • Journal of KIISE:Information Networking
    • /
    • v.30 no.5
    • /
    • pp.604-613
    • /
    • 2003
  • Network Address Translation-Protocol Translation(NAT-PT) is an IPv4/IPv6 translation mechanism, as defined in RFC2766, allowing IPv6-only devices to communicate with IPv4-only devices and vice versa. But NAT-PT has the restriction that applies to IPv4 NAT where NAT-PT does not provide end-to-end security, which is a major goal of IPSec. Therefore it cannot support security services such as confidentiality, authentication, and integrity. In this paper, we propose secure NAT-PT(SNAT-PT) and the corresponding secure host architecture to support IPSec security service. And also tunneling scheme using dummy IP header is presented to show the valid operation of end-to-end IPSec protocol on the proposed architectures.

Forensic Analysis of Element Instant Messenger Artifacts (포렌식 관점에서의 Element 인스턴트 메신저 아티팩트 분석)

  • Cho, Jae-min;Byun, Hyeon-su;Yun, Hui-seo;Seo, Seung-hee;Lee, Chang-hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1113-1120
    • /
    • 2022
  • Recently, the investigation has been difficult due to the emergence of messengers that encrypt and store data for the purpose of protecting personal information and provide services such as end-to-end encryption with a focus on security. Accordingly, the number of crime cases using security messengers is increasing, but research on data decoding for security messengers is needed. Element security messengers provide end-to-end encryption functions so that only conversation participants can check conversation history, but research on decoding them is insufficient. Therefore, in this paper, we analyze the instant messenger Element, which provides end-to-end encryption, and propose a plaintext verification of the history of encrypted secure chat rooms using decryption keys stored in the Windows Credential Manager service without user passwords. In addition, we summarize the results of analyzing significant general and secure chat-related artifacts from a digital forensics investigation perspective.

An End to End Security in the WAP environment : TLS(Transport Layer Security)-Plus Protocol (WAP환경에서 안전한 종단간 보안을 제공하는 TLS(Transport Layer Security)-Plus 프로토콜)

  • 최진규;이헌길
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2002.04a
    • /
    • pp.811-813
    • /
    • 2002
  • WAP은 WAP Forum에서 제정한 무선 환경에서의 데이터 통신을 위한 표준 프로토콜이다. WAP에서는 보안 통신을 위한 프로토콜로서 WTLS(Wireless Transport Layer Security)를 제안하고 있다. 이것은 TCP/IP 상의 TLS(Transport Layer Security)를 바탕으로 무선 환경에 맞게 최적화한 것이다. 그러나, WAP은 기본적으로 게이트웨이 모델에 따른 프로토콜이라는 점과 무선 구간에서의 전송 효율을 높이기 위한 인코딩 기능 때문에 게이트웨이에서 클라이언트와 서버 사이에 교환되는 정보가 노출되는 이른바 종단간의 보안 (End-to-End Security)문제가 존재한다. 이러한 이유로 유선에서와는 달리 안전한 종단간 보안을 제공하지 못하고 있다. 이에 본 논문에서는 기존 TLS와 WTLS를 합친 새로운 TLS(Transport Layer Security)-Plus 프로토콜을 제안하여 무선 환경에서 무선 단말기에 부담을 주지 않는 안전한 종단간 보안을 제공하려고 한다.

  • PDF

Secure Framework for SIP-based VoIP Network (SIP 프로토콜을 기반으로 한 VoIP 네트워크를 위한 Secure Framework)

  • Han, Kyong-Heon;Choi, Dong-You;Bae, Yong-Guen
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.12 no.6
    • /
    • pp.1022-1025
    • /
    • 2008
  • Session Initiation Protocol (SIP) has become the call control protocol of choice for Voice over IP (VoIP) networks because of its open and extensible nature. However, the integrity of call signaling between sites is of utmost importance, and SIP is vulnerable to attackers when left unprotected. Currently a herby-hop security model is prevalent, wherein intermediaries forward a request towards the destination user agent sewer (UAS) without a user agent client (UAC) knowing whether or not the intermediary behaved in a trusted manner. This paper presents an integrated security model for SIP-based VoIP network by combining hop-by-hop security and end-to-end security.

A mechanism for end-to-end secure communication in heterogeneous tactical networks (이기종 전술통신망 종단간 암호화 통신을 위한 메커니즘)

  • Park, Cheol-Yong;Kim, Ki-Hong;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.4
    • /
    • pp.625-634
    • /
    • 2014
  • Tactical networks is being operated in configuration that consisting of a variety of characteristics communication equipments and heterogeneous networks. In this configurations, end-to-end communication can be achieved using interworking gateway for converting the data format of the network and using encryption algorithm of the networks. The use of mechanism results in a problem that secure data cannot be transferred directly, reprocessing and processing delay of communication in heterogeneous tactical networks. That is, for encoding and decoding of data, the decryption of encrypted data and re-encryption processing must be required at the gateway between different networks. In this paper proposes to mechanism for end-to-end secure communication in heterogeneous tactical networks. Using the proposed method, end-to-end secure communication between heterogeneous tactical networks(PSTN-UHF networks) which removes the necessity of a gateway for converting data into data formats suitable for network to remove a transmission delay factor and enable real-time voice and data communication and achieve end-to-end security for heterogeneous tactical networks. we propose a novel mechanism for end-to-end secure communication over PSTN and UHF networks and evaluate against the performance of conventional mechanism. Our proposal is confirmed removal of security vulnerabilities, end-to-end secure communication in heterogeneous tactical networks.

A Study on the Effect of Learning Activities and Feedback Seeking Behavior toward the End Users' Faithful Appropriation of Information Security System (조직내 최종사용자의 합목적적인 정보보호 시스템 사용 내재화와 학습, 피드백 추구 행동 연구)

  • Kim, Min Woong;Cheong, Ki Ju
    • The Journal of Information Systems
    • /
    • v.25 no.3
    • /
    • pp.117-146
    • /
    • 2016
  • Purpose The purpose of this paper is to examine factors and mechanism inducing end users' faithful appropriation of information security behavior through the information security system. This study is also trying to find out the role of Employees' adaptive activities like learning and feedback seeking behavior for the information security in organizations. Design/methodology/approach An empirical study was carried out with a sample of employees working in the financial service company. Employees(n = 268) completed a written questionnaire. Structural equation modeling was used to analyze the data. Findings Results indicated that employees' learning activities and feedback seeking behavior fully mediated the effect of major information security factors toward end users' faithfulness of appropriation of information security systems. In order to increase the level of employees information security behavior in accordance with security guideline, organizations should facilitate interactions that support the feedback seeking process between employees on information security awareness and behavior. Additionally, organizations may reinforce these behaviors by periodical training and adopting bounty hunter systems.

Design of a Secure Web-mail System based on End-to-End (End-to-End 기반의 안전한 웹 메일 시스템 설계)

  • 전철우;이종후;이상호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.13 no.2
    • /
    • pp.13-29
    • /
    • 2003
  • Web-mail system is worthy of note as a next generation e-mail system for its mobility and easiness. But many web-mail system does not have any kind of security mechanism. Even if web-mail system provides security services, its degree of strength is too low. Using these web-mail systems, the e-mail is tabbed, modified or forged by attacker easily. To solve these problems, we design and implement secure web-mail system based on the international e-mail security standard S/MIME in this thesis. This secure web-mail system is composed of server system and client system The server system performs basic mail functions - sending/receiving the mails, storing the mails, and management of user information, etc. And the client system performs cryptographic functions - encryption/decryption of the mails, digital signing and validation, etc. Because client system performs cryptographic functions this secure web-mail system gives its reliability and safety, and provides end-to-end security between mail users. Also, this secure web-mail system increase system efficiency by minimize server load.

End-to-End Digital Secure Speech Communication over UHF and PSTN (UHF와 PSTN간 단대단 디지털 음성보안통신)

  • Kim, Ki-Hong
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.13 no.5
    • /
    • pp.2313-2318
    • /
    • 2012
  • With the widely applications of tactical radio networks, end-to-end secure speech communication in the heterogeneous network has become a very significant security issue. High-grade end-to-end speech security can be achieved using encryption algorithms at user ends. However, the use of encryption techniques results in a problem that encrypted speech data cannot be directly transmitted over heterogeneous tactical networks. That is, the decryption and re-encryption process must be fulfilled at the gateway between two different networks. In this paper, in order to solve this problem and to achieve optimal end-to-end speech security for heterogeneous tactical environments, we propose a novel mechanism for end-to-end secure speech transmission over ultra high frequency (UHF) and public switched telephone network (PSTN) and evaluate against the performance of conventional mechanism. Our proposed mechanism has advantages of no decryption and re-encryption at the gateway, no processing delay at the gateway, and good inter-operability over UHF and PSTN.

Performance Management and Analysis for Guaranteed End-to-End QoS Provisioning on MPLS-based Virtual Private LAN Service(VPLS)

  • Kim, Seong-Woo;Kim, Chul;Kim, Young-Tak
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.28 no.2B
    • /
    • pp.144-156
    • /
    • 2003
  • Internet/Intranet has been continuously enhanced by new emerging IP technologies such as differentiate service(DiffServ), IPSec(IP Security) and MPLS(Multi-protocol Label Switching) traffic engineering. According to the increased demands of various real-time multimedia services, ISP(Internet Service Provider) should provide enhanced end-to-end QoS(quality of service) and security features. Therefore, Internet and Intranet need the management functionality of sophisticated traffic engineering functions. In this paper, we design and implement the performance management functionality for the guaranteed end-to-end QoS provisioning on MPLS-based VPLS(Virtual Private LAN Service). We propose VPLS OAM(Operation, Administration and Maintenance) for efficient performance management. We focus on a scheme of QoS management and measurement of QoS parameters(such as delay, jitter, loss, etc.) using VPLS OAM functions. The proposed performance management system also supports performance tuning to enhance the provided QoS by re-adjusting the bandwidth of LSPs for VPLS. We present the experimental results of performance monitoring and analysis using a network simulator.

Analyses of Security into End-to-End Point Healthcare System based on Internet of Things (사물인터넷 기반의 헬스케어 시스템의 종단간 보안성 분석)

  • Kim, Jung Tae
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.7 no.6
    • /
    • pp.871-880
    • /
    • 2017
  • Recently, service based on internet is inter-connected and integrated with a variety of connection. This kind of internet of things consist of heterogenous devices such as sensor node, devices and end-to end equipment which used in conventional protocols and services. The representative system is healthcare system. From healthcare appliance used by IoT, patient and doctor can utilize healthcare information with safety and high speed management. It is very convenient management to operate mobility. But it induced security and vulnerability issues because it has small memory capacity, low power supply and low computing power. This made impossible to implement security algorithm with embedded engine based on hardware. Nowdays, we can't realize conventional standard algorithm due to these kinds of reasons. From the critical issues, it occurred security and vulnerability issues. Therefore, we analysed and compared with conventional method and proposed techniques. Finally, we evaluated security issues and requirement for end-to-end point healthcare system based on internet of things.